A survey of the Extensible Authentication Protocol and its methods
Authors: Nikeshin A.V., Shnitman V.Z.
Journal: Proceedings of the Institute for System Programming of the RAS @trudy-isp-ran
Article in issue: No. 2, vol. 30, 2018.
Free access
This article surveys the Extensible Authentication Protocol (EAP), specified by the Internet Engineering Task Force (IETF), which provides an effective mechanism for embedding various authentication methods into it. It also surveys the EAP authentication methods themselves, some of which have been standardized in IETF specifications. The survey shows the variety of mechanisms used to implement the authentication service. The work was supported by the Russian Foundation for Basic Research (RFBR), project No. 16-07-00603 "Verification of security functions and assessment of attack resistance of implementations of the EAP authentication protocol".
Security, authentication, access control, EAP methods
Short URL: https://sciup.org/14916518
IDR: 14916518 | DOI: 10.15514/ISPRAS-2018-30(2)-7